ellen-fox
Learning Objectives
• Basic Security Issues
• Threats and Attacks
• Managing E-Commerce Security
• Payment Revolution
• Online Payment
Basic Security Issues
• Today’s web security problem has three primary facets:
‣ Securing the web server and the data on it
‣ Securing information that travels between the web server and the user
‣ Securing the end user’s computer and other devices that people use to access the Internet
Threats and Attacks
1. NONTECHNICAL ATTACK (SOCIAL ENGINEERING)
2. TECHNICAL ATTACK
Technical Attack
An attack perpetrated using software and systems knowledge or expertise
Social Engineering
An attack that uses social pressures to trick computer users into compromising computer networks to which those individuals have access
Social Engineering
Dear user of stmp.ciputra.ac.id,
We have detected that your email account was used to send a large amount of spam during the recent week. Obviously, your computer had been compromised and now runs a trojan proxy server. We recommend you to follow the instruction in the attachment (stmp-ciputra.zip) in order to keep your computer safe.
Regards,
ICT Support
Ciputra University
Social Engineering (cont’d)
Social Engineering, the USB Way
Steve Stasiukonis
VP & founder of Secure Network Technologies, Inc.
Social Engineering (cont’d)
• COUNTERMEASURES
• Education and training
• Policies and procedures
• Penetration testing
Managing EC Security
• Security Policy
• Risk Assessment
• Authentication methods:
‣ Something you know: password
‣ Something you have: smart cards
‣ Something you are: biometrics